A Malware-Tolerant, Self-Healing Industrial Control System Framework

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Standard

A Malware-Tolerant, Self-Healing Industrial Control System Framework. / Denzel, Michael; Ryan, Mark; Ritter, Eike.

ICT Systems Security and Privacy Protection: 32nd IFIP TC 11 International Conference, SEC 2017, Rome, Italy, May 29-31, 2017, Proceedings. ed. / Sabrina De Capitani di Vimercati; Fabio Martinelli. Springer, 2018. p. 46-60 (IFIP Advances in Information and Communication Technology ; Vol. 502).

Harvard

Denzel, M, Ryan, M & Ritter, E 2018, A Malware-Tolerant, Self-Healing Industrial Control System Framework. in S De Capitani di Vimercati & F Martinelli (eds), ICT Systems Security and Privacy Protection: 32nd IFIP TC 11 International Conference, SEC 2017, Rome, Italy, May 29-31, 2017, Proceedings. IFIP Advances in Information and Communication Technology, vol. 502, Springer, pp. 46-60, 32nd International Conference on ICT Systems Security and Privacy Protection (IFIP SEC 2017), Rome, Italy, 29/05/17. https://doi.org/10.1007/978-3-319-58469-0_4

APA

Denzel, M., Ryan, M., & Ritter, E. (2018). A Malware-Tolerant, Self-Healing Industrial Control System Framework. In S. De Capitani di Vimercati, & F. Martinelli (Eds.), ICT Systems Security and Privacy Protection: 32nd IFIP TC 11 International Conference, SEC 2017, Rome, Italy, May 29-31, 2017, Proceedings (pp. 46-60). (IFIP Advances in Information and Communication Technology ; Vol. 502). Springer. https://doi.org/10.1007/978-3-319-58469-0_4

Vancouver

Denzel M, Ryan M, Ritter E. A Malware-Tolerant, Self-Healing Industrial Control System Framework. In De Capitani di Vimercati S, Martinelli F, editors, ICT Systems Security and Privacy Protection: 32nd IFIP TC 11 International Conference, SEC 2017, Rome, Italy, May 29-31, 2017, Proceedings. Springer. 2018. p. 46-60. (IFIP Advances in Information and Communication Technology). https://doi.org/10.1007/978-3-319-58469-0_4

Author

Denzel, Michael ; Ryan, Mark ; Ritter, Eike. / A Malware-Tolerant, Self-Healing Industrial Control System Framework. ICT Systems Security and Privacy Protection: 32nd IFIP TC 11 International Conference, SEC 2017, Rome, Italy, May 29-31, 2017, Proceedings. editor / Sabrina De Capitani di Vimercati ; Fabio Martinelli. Springer, 2018. pp. 46-60 (IFIP Advances in Information and Communication Technology).

Bibtex

@inproceedings{9ec7fb3f3d1a4258a109b71827e30f27,
title = "A Malware-Tolerant, Self-Healing Industrial Control System Framework",
abstract = "Industrial Control Systems (ICSs) are computers managing many critical infrastructures like power plants, aeroplanes, production lines, etc. While ICS were specialised hardware circuits without internet connection in former times, they are nowadays commodity computers with network connection, TCP/IP stack, and a full operating system, making them vulnerable to common attacks. The defensive mechanisms, however, are still lacking behind due to the strong requirement for availability of ICSs which prohibits to deploy typical countermeasures like e.g. an anti-virus. New techniques are needed to defend these systems under their distinct prerequisites. We introduce the concept of a malware-tolerant ICS network architecture which can still operate securely even when some components are entirely compromised by an attacker. This was done by replacing all single point-of-failures with multiple components verifying each other. We provide ProVerif proofs to show the correctness of the network protocol one-by-one assuming each device compromised. Furthermore, we added a self-healing mechanism based on invariants to the architecture on network as well as system level which will reset failed or compromised systems. To demonstrate system level self-healing, we implemented it on top of FreeRTOS and ARM TrustZone. The network level self-healing was incorporated into the ProVerif proofs by formally verifying the absence of type 1 (falsely identified attacks) and type 2 errors (missed attacks).",
keywords = "Industrial Control System (ICS), Security, Malware Tolerance, Self-Healing",
author = "Michael Denzel and Mark Ryan and Eike Ritter",
year = "2018",
month = "7",
day = "22",
doi = "10.1007/978-3-319-58469-0_4",
language = "English",
isbn = "9783319584683",
series = "IFIP Advances in Information and Communication Technology",
publisher = "Springer",
pages = "46--60",
editor = "{De Capitani di Vimercati}, Sabrina and Fabio Martinelli",
booktitle = "ICT Systems Security and Privacy Protection",

}

RIS

TY - GEN

T1 - A Malware-Tolerant, Self-Healing Industrial Control System Framework

AU - Denzel, Michael

AU - Ryan, Mark

AU - Ritter, Eike

PY - 2018/7/22

Y1 - 2018/7/22

N2 - Industrial Control Systems (ICSs) are computers managing many critical infrastructures like power plants, aeroplanes, production lines, etc. While ICS were specialised hardware circuits without internet connection in former times, they are nowadays commodity computers with network connection, TCP/IP stack, and a full operating system, making them vulnerable to common attacks. The defensive mechanisms, however, are still lacking behind due to the strong requirement for availability of ICSs which prohibits to deploy typical countermeasures like e.g. an anti-virus. New techniques are needed to defend these systems under their distinct prerequisites. We introduce the concept of a malware-tolerant ICS network architecture which can still operate securely even when some components are entirely compromised by an attacker. This was done by replacing all single point-of-failures with multiple components verifying each other. We provide ProVerif proofs to show the correctness of the network protocol one-by-one assuming each device compromised. Furthermore, we added a self-healing mechanism based on invariants to the architecture on network as well as system level which will reset failed or compromised systems. To demonstrate system level self-healing, we implemented it on top of FreeRTOS and ARM TrustZone. The network level self-healing was incorporated into the ProVerif proofs by formally verifying the absence of type 1 (falsely identified attacks) and type 2 errors (missed attacks).

AB - Industrial Control Systems (ICSs) are computers managing many critical infrastructures like power plants, aeroplanes, production lines, etc. While ICS were specialised hardware circuits without internet connection in former times, they are nowadays commodity computers with network connection, TCP/IP stack, and a full operating system, making them vulnerable to common attacks. The defensive mechanisms, however, are still lacking behind due to the strong requirement for availability of ICSs which prohibits to deploy typical countermeasures like e.g. an anti-virus. New techniques are needed to defend these systems under their distinct prerequisites. We introduce the concept of a malware-tolerant ICS network architecture which can still operate securely even when some components are entirely compromised by an attacker. This was done by replacing all single point-of-failures with multiple components verifying each other. We provide ProVerif proofs to show the correctness of the network protocol one-by-one assuming each device compromised. Furthermore, we added a self-healing mechanism based on invariants to the architecture on network as well as system level which will reset failed or compromised systems. To demonstrate system level self-healing, we implemented it on top of FreeRTOS and ARM TrustZone. The network level self-healing was incorporated into the ProVerif proofs by formally verifying the absence of type 1 (falsely identified attacks) and type 2 errors (missed attacks).

KW - Industrial Control System (ICS)

KW - Security

KW - Malware Tolerance

KW - Self-Healing

U2 - 10.1007/978-3-319-58469-0_4

DO - 10.1007/978-3-319-58469-0_4

M3 - Conference contribution

SN - 9783319584683

T3 - IFIP Advances in Information and Communication Technology

SP - 46

EP - 60

BT - ICT Systems Security and Privacy Protection

A2 - De Capitani di Vimercati, Sabrina

A2 - Martinelli, Fabio

PB - Springer

ER -